<!DOCTYPE HTML>

<html lang="en">
<head>

<title>ServerHttpSecurity (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="ServerHttpSecurity (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10,"i17":10,"i18":10,"i19":9,"i20":10,"i21":10,"i22":10,"i23":10,"i24":10,"i25":10,"i26":10,"i27":10,"i28":10,"i29":10,"i30":10,"i31":10,"i32":10,"i33":10,"i34":10,"i35":10,"i36":10,"i37":10,"i38":10,"i39":10,"i40":10};
var tabs = {65535:["t0","All Methods"],1:["t1","Static Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="ServerHttpSecurity.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li><a href="ServerHttpSecurity.html#nested.class.summary">Nested</a>&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="ServerHttpSecurity.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="ServerHttpSecurity.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="ServerHttpSecurity.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="ServerHttpSecurity.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.config.web.server</a></div>
<h2 title="Class ServerHttpSecurity" class="title">Class ServerHttpSecurity</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li>org.springframework.security.config.web.server.ServerHttpSecurity</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<hr>
<pre>public class <span class="typeNameLabel">ServerHttpSecurity</span>
extends java.lang.Object</pre>
<div class="block">A <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> is similar to Spring Security's <code>HttpSecurity</code> but
for WebFlux. It allows configuring web based security for specific http requests. By
default it will be applied to all requests, but can be restricted using
<a href="ServerHttpSecurity.html#securityMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher)"><code>securityMatcher(ServerWebExchangeMatcher)</code></a> or other similar methods.
A minimal configuration can be found below:
<pre class="code"> &#064;EnableWebFluxSecurity
 public class MyMinimalSecurityConfiguration {

     &#064;Bean
     public MapReactiveUserDetailsService userDetailsService() {
         UserDetails user = User.withDefaultPasswordEncoder()
             .username("user")
             .password("password")
             .roles("USER")
             .build();
         return new MapReactiveUserDetailsService(user);
     }
 }
 </pre>
Below is the same as our minimal configuration, but explicitly declaring the
<code>ServerHttpSecurity</code>.
<pre class="code"> &#064;EnableWebFluxSecurity
 public class MyExplicitSecurityConfiguration {

     &#064;Bean
     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
             .authorizeExchange()
               .anyExchange().authenticated()
             .and()
               .httpBasic().and()
               .formLogin();
             return http.build();
     }

     &#064;Bean
     public MapReactiveUserDetailsService userDetailsService() {
         UserDetails user = User.withDefaultPasswordEncoder()
             .username("user")
             .password("password")
             .roles("USER")
             .build();
         return new MapReactiveUserDetailsService(user);
     }
 }
 </pre></div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.0</dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="nested.class.summary">

</a>
<h3>Nested Class Summary</h3>
<table class="memberSummary">
<caption><span>Nested Classes</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Class</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.AnonymousSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AnonymousSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures anonymous authentication</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.AuthorizeExchangeSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AuthorizeExchangeSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures authorization</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.CorsSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CorsSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures CORS support within Spring Security.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.CsrfSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CsrfSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF
Protection</a></div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.ExceptionHandlingSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.ExceptionHandlingSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures exception handling</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.FormLoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.FormLoginSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures Form Based authentication</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.HeaderSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HeaderSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures HTTP Response Headers.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.HttpBasicSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpBasicSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures HTTP Basic Authentication</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.HttpsRedirectSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpsRedirectSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures HTTPS redirection rules</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.LogoutSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.LogoutSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures log out</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.OAuth2ClientSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ClientSpec</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.OAuth2LoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2LoginSpec</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.OAuth2ResourceServerSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ResourceServerSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures OAuth2 Resource Server Support</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.PasswordManagementSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.PasswordManagementSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures password management.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.RequestCacheSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.RequestCacheSpec</a></span></code></th>
<td class="colLast">
<div class="block">Configures the request cache which is used when a flow is interrupted (i.e.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.X509Spec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.X509Spec</a></span></code></th>
<td class="colLast">
<div class="block">Configures X509 authentication</div>
</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">

</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier</th>
<th class="colSecond" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>protected </code></td>
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#%3Cinit%3E()">ServerHttpSecurity</a></span>()</code></th>
<td class="colLast">&nbsp;</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t1" class="tableTab"><span><a href="javascript:show(1);">Static Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#addFilterAfter(org.springframework.web.server.WebFilter,org.springframework.security.config.web.server.SecurityWebFiltersOrder)">addFilterAfter</a></span>&#8203;(org.springframework.web.server.WebFilter&nbsp;webFilter,
<a href="SecurityWebFiltersOrder.html" title="enum in org.springframework.security.config.web.server">SecurityWebFiltersOrder</a>&nbsp;order)</code></th>
<td class="colLast">
<div class="block">Adds a <code>WebFilter</code> after specific position.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#addFilterAt(org.springframework.web.server.WebFilter,org.springframework.security.config.web.server.SecurityWebFiltersOrder)">addFilterAt</a></span>&#8203;(org.springframework.web.server.WebFilter&nbsp;webFilter,
<a href="SecurityWebFiltersOrder.html" title="enum in org.springframework.security.config.web.server">SecurityWebFiltersOrder</a>&nbsp;order)</code></th>
<td class="colLast">
<div class="block">Adds a <code>WebFilter</code> at a specific position.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#addFilterBefore(org.springframework.web.server.WebFilter,org.springframework.security.config.web.server.SecurityWebFiltersOrder)">addFilterBefore</a></span>&#8203;(org.springframework.web.server.WebFilter&nbsp;webFilter,
<a href="SecurityWebFiltersOrder.html" title="enum in org.springframework.security.config.web.server">SecurityWebFiltersOrder</a>&nbsp;order)</code></th>
<td class="colLast">
<div class="block">Adds a <code>WebFilter</code> before specific position.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.AnonymousSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AnonymousSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#anonymous()">anonymous</a></span>()</code></th>
<td class="colLast">
<div class="block">Enables and Configures anonymous authentication.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#anonymous(org.springframework.security.config.Customizer)">anonymous</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.AnonymousSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AnonymousSpec</a>&gt;&nbsp;anonymousCustomizer)</code></th>
<td class="colLast">
<div class="block">Enables and Configures anonymous authentication.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#authenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager)">authenticationManager</a></span>&#8203;(<a href="../../../authentication/ReactiveAuthenticationManager.html" title="interface in org.springframework.security.authentication">ReactiveAuthenticationManager</a>&nbsp;manager)</code></th>
<td class="colLast">
<div class="block">Configure the default authentication manager.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.AuthorizeExchangeSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AuthorizeExchangeSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#authorizeExchange()">authorizeExchange</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures authorization.</div>
</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#authorizeExchange(org.springframework.security.config.Customizer)">authorizeExchange</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.AuthorizeExchangeSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AuthorizeExchangeSpec</a>&gt;&nbsp;authorizeExchangeCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures authorization.</div>
</td>
</tr>
<tr id="i8" class="altColor">
<td class="colFirst"><code><a href="../../../web/server/SecurityWebFilterChain.html" title="interface in org.springframework.security.web.server">SecurityWebFilterChain</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#build()">build</a></span>()</code></th>
<td class="colLast">
<div class="block">Builds the <a href="../../../web/server/SecurityWebFilterChain.html" title="interface in org.springframework.security.web.server"><code>SecurityWebFilterChain</code></a></div>
</td>
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.CorsSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CorsSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#cors()">cors</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures CORS headers.</div>
</td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#cors(org.springframework.security.config.Customizer)">cors</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.CorsSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CorsSpec</a>&gt;&nbsp;corsCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures CORS headers.</div>
</td>
</tr>
<tr id="i11" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.CsrfSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CsrfSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#csrf()">csrf</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF
Protection</a> which is enabled by default.</div>
</td>
</tr>
<tr id="i12" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#csrf(org.springframework.security.config.Customizer)">csrf</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.CsrfSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CsrfSpec</a>&gt;&nbsp;csrfCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF
Protection</a> which is enabled by default.</div>
</td>
</tr>
<tr id="i13" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.ExceptionHandlingSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.ExceptionHandlingSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#exceptionHandling()">exceptionHandling</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures exception handling (i.e.</div>
</td>
</tr>
<tr id="i14" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#exceptionHandling(org.springframework.security.config.Customizer)">exceptionHandling</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.ExceptionHandlingSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.ExceptionHandlingSpec</a>&gt;&nbsp;exceptionHandlingCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures exception handling (i.e.</div>
</td>
</tr>
<tr id="i15" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.FormLoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.FormLoginSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#formLogin()">formLogin</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures form based authentication.</div>
</td>
</tr>
<tr id="i16" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#formLogin(org.springframework.security.config.Customizer)">formLogin</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.FormLoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.FormLoginSpec</a>&gt;&nbsp;formLoginCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures form based authentication.</div>
</td>
</tr>
<tr id="i17" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.HeaderSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HeaderSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#headers()">headers</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures HTTP Response Headers.</div>
</td>
</tr>
<tr id="i18" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#headers(org.springframework.security.config.Customizer)">headers</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.HeaderSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HeaderSpec</a>&gt;&nbsp;headerCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures HTTP Response Headers.</div>
</td>
</tr>
<tr id="i19" class="rowColor">
<td class="colFirst"><code>static <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#http()">http</a></span>()</code></th>
<td class="colLast">
<div class="block">Creates a new instance.</div>
</td>
</tr>
<tr id="i20" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.HttpBasicSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpBasicSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#httpBasic()">httpBasic</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures HTTP Basic authentication.</div>
</td>
</tr>
<tr id="i21" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#httpBasic(org.springframework.security.config.Customizer)">httpBasic</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.HttpBasicSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpBasicSpec</a>&gt;&nbsp;httpBasicCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures HTTP Basic authentication.</div>
</td>
</tr>
<tr id="i22" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.LogoutSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.LogoutSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#logout()">logout</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures log out.</div>
</td>
</tr>
<tr id="i23" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#logout(org.springframework.security.config.Customizer)">logout</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.LogoutSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.LogoutSpec</a>&gt;&nbsp;logoutCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures log out.</div>
</td>
</tr>
<tr id="i24" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.OAuth2ClientSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ClientSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#oauth2Client()">oauth2Client</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures the OAuth2 client.</div>
</td>
</tr>
<tr id="i25" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#oauth2Client(org.springframework.security.config.Customizer)">oauth2Client</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.OAuth2ClientSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ClientSpec</a>&gt;&nbsp;oauth2ClientCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures the OAuth2 client.</div>
</td>
</tr>
<tr id="i26" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.OAuth2LoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2LoginSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#oauth2Login()">oauth2Login</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
Provider.</div>
</td>
</tr>
<tr id="i27" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#oauth2Login(org.springframework.security.config.Customizer)">oauth2Login</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.OAuth2LoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2LoginSpec</a>&gt;&nbsp;oauth2LoginCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
Provider.</div>
</td>
</tr>
<tr id="i28" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.OAuth2ResourceServerSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ResourceServerSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#oauth2ResourceServer()">oauth2ResourceServer</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures OAuth 2.0 Resource Server support.</div>
</td>
</tr>
<tr id="i29" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#oauth2ResourceServer(org.springframework.security.config.Customizer)">oauth2ResourceServer</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.OAuth2ResourceServerSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ResourceServerSpec</a>&gt;&nbsp;oauth2ResourceServerCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures OAuth 2.0 Resource Server support.</div>
</td>
</tr>
<tr id="i30" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.PasswordManagementSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.PasswordManagementSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#passwordManagement()">passwordManagement</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures password management.</div>
</td>
</tr>
<tr id="i31" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#passwordManagement(org.springframework.security.config.Customizer)">passwordManagement</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.PasswordManagementSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.PasswordManagementSpec</a>&gt;&nbsp;passwordManagementCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures password management.</div>
</td>
</tr>
<tr id="i32" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.HttpsRedirectSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpsRedirectSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#redirectToHttps()">redirectToHttps</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures HTTPS redirection rules.</div>
</td>
</tr>
<tr id="i33" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#redirectToHttps(org.springframework.security.config.Customizer)">redirectToHttps</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.HttpsRedirectSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpsRedirectSpec</a>&gt;&nbsp;httpsRedirectCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures HTTPS redirection rules.</div>
</td>
</tr>
<tr id="i34" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.RequestCacheSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.RequestCacheSpec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#requestCache()">requestCache</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures the request cache which is used when a flow is interrupted (i.e.</div>
</td>
</tr>
<tr id="i35" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#requestCache(org.springframework.security.config.Customizer)">requestCache</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.RequestCacheSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.RequestCacheSpec</a>&gt;&nbsp;requestCacheCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures the request cache which is used when a flow is interrupted (i.e.</div>
</td>
</tr>
<tr id="i36" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#securityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository)">securityContextRepository</a></span>&#8203;(<a href="../../../web/server/context/ServerSecurityContextRepository.html" title="interface in org.springframework.security.web.server.context">ServerSecurityContextRepository</a>&nbsp;securityContextRepository)</code></th>
<td class="colLast">
<div class="block">The strategy used with <code>ReactorContextWebFilter</code>.</div>
</td>
</tr>
<tr id="i37" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#securityMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher)">securityMatcher</a></span>&#8203;(<a href="../../../web/server/util/matcher/ServerWebExchangeMatcher.html" title="interface in org.springframework.security.web.server.util.matcher">ServerWebExchangeMatcher</a>&nbsp;matcher)</code></th>
<td class="colLast">
<div class="block">The ServerExchangeMatcher that determines which requests apply to this HttpSecurity
instance.</div>
</td>
</tr>
<tr id="i38" class="altColor">
<td class="colFirst"><code>protected void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#setApplicationContext(org.springframework.context.ApplicationContext)">setApplicationContext</a></span>&#8203;(org.springframework.context.ApplicationContext&nbsp;applicationContext)</code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr id="i39" class="rowColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.X509Spec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.X509Spec</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#x509()">x509</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures x509 authentication using a certificate provided by a client.</div>
</td>
</tr>
<tr id="i40" class="altColor">
<td class="colFirst"><code><a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="ServerHttpSecurity.html#x509(org.springframework.security.config.Customizer)">x509</a></span>&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.X509Spec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.X509Spec</a>&gt;&nbsp;x509Customizer)</code></th>
<td class="colLast">
<div class="block">Configures x509 authentication using a certificate provided by a client.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">

</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">

</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;()">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>ServerHttpSecurity</h4>
<pre>protected&nbsp;ServerHttpSecurity()</pre>
</li>
</ul>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="securityMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>securityMatcher</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;securityMatcher&#8203;(<a href="../../../web/server/util/matcher/ServerWebExchangeMatcher.html" title="interface in org.springframework.security.web.server.util.matcher">ServerWebExchangeMatcher</a>&nbsp;matcher)</pre>
<div class="block">The ServerExchangeMatcher that determines which requests apply to this HttpSecurity
instance.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>matcher</code> - the ServerExchangeMatcher that determines which requests apply to
this HttpSecurity instance. Default is all requests.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to continue configuring</dd>
</dl>
</li>
</ul>
<a id="addFilterAt(org.springframework.web.server.WebFilter,org.springframework.security.config.web.server.SecurityWebFiltersOrder)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>addFilterAt</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;addFilterAt&#8203;(org.springframework.web.server.WebFilter&nbsp;webFilter,
                                      <a href="SecurityWebFiltersOrder.html" title="enum in org.springframework.security.config.web.server">SecurityWebFiltersOrder</a>&nbsp;order)</pre>
<div class="block">Adds a <code>WebFilter</code> at a specific position.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>webFilter</code> - the <code>WebFilter</code> to add</dd>
<dd><code>order</code> - the place to insert the <code>WebFilter</code></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to continue configuring</dd>
</dl>
</li>
</ul>
<a id="addFilterBefore(org.springframework.web.server.WebFilter,org.springframework.security.config.web.server.SecurityWebFiltersOrder)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>addFilterBefore</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;addFilterBefore&#8203;(org.springframework.web.server.WebFilter&nbsp;webFilter,
                                          <a href="SecurityWebFiltersOrder.html" title="enum in org.springframework.security.config.web.server">SecurityWebFiltersOrder</a>&nbsp;order)</pre>
<div class="block">Adds a <code>WebFilter</code> before specific position.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>webFilter</code> - the <code>WebFilter</code> to add</dd>
<dd><code>order</code> - the place before which to insert the <code>WebFilter</code></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to continue configuring</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.2.0</dd>
</dl>
</li>
</ul>
<a id="addFilterAfter(org.springframework.web.server.WebFilter,org.springframework.security.config.web.server.SecurityWebFiltersOrder)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>addFilterAfter</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;addFilterAfter&#8203;(org.springframework.web.server.WebFilter&nbsp;webFilter,
                                         <a href="SecurityWebFiltersOrder.html" title="enum in org.springframework.security.config.web.server">SecurityWebFiltersOrder</a>&nbsp;order)</pre>
<div class="block">Adds a <code>WebFilter</code> after specific position.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>webFilter</code> - the <code>WebFilter</code> to add</dd>
<dd><code>order</code> - the place after which to insert the <code>WebFilter</code></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to continue configuring</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.2.0</dd>
</dl>
</li>
</ul>
<a id="securityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>securityContextRepository</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;securityContextRepository&#8203;(<a href="../../../web/server/context/ServerSecurityContextRepository.html" title="interface in org.springframework.security.web.server.context">ServerSecurityContextRepository</a>&nbsp;securityContextRepository)</pre>
<div class="block">The strategy used with <code>ReactorContextWebFilter</code>. It does impact how the
<code>SecurityContext</code> is saved which is configured on a per
<a href="../../../web/server/authentication/AuthenticationWebFilter.html" title="class in org.springframework.security.web.server.authentication"><code>AuthenticationWebFilter</code></a> basis.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>securityContextRepository</code> - the repository to use</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to continue configuring</dd>
</dl>
</li>
</ul>
<a id="redirectToHttps()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>redirectToHttps</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.HttpsRedirectSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpsRedirectSpec</a>&nbsp;redirectToHttps()</pre>
<div class="block">Configures HTTPS redirection rules. If the default is used:
<pre class="code">  &#064;Bean
        public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
            http
                // ...
                .redirectToHttps();
            return http.build();
        }
 </pre>
Then all non-HTTPS requests will be redirected to HTTPS.
Typically, all requests should be HTTPS; however, the focus for redirection can
also be narrowed:
<pre class="code">  &#064;Bean
        public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
            http
                // ...
                .redirectToHttps()
                    .httpsRedirectWhen((serverWebExchange) -&gt;
                        serverWebExchange.getRequest().getHeaders().containsKey("X-Requires-Https"))
            return http.build();
        }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.HttpsRedirectSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.HttpsRedirectSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="redirectToHttps(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>redirectToHttps</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;redirectToHttps&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.HttpsRedirectSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpsRedirectSpec</a>&gt;&nbsp;httpsRedirectCustomizer)</pre>
<div class="block">Configures HTTPS redirection rules. If the default is used:
<pre class="code">  &#064;Bean
        public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
            http
                // ...
                .redirectToHttps(withDefaults());
            return http.build();
        }
 </pre>
Then all non-HTTPS requests will be redirected to HTTPS.
Typically, all requests should be HTTPS; however, the focus for redirection can
also be narrowed:
<pre class="code">  &#064;Bean
        public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
            http
                // ...
                .redirectToHttps((redirectToHttps) -&gt;
                        redirectToHttps
                        .httpsRedirectWhen((serverWebExchange) -&gt;
                                serverWebExchange.getRequest().getHeaders().containsKey("X-Requires-Https"))
                    );
            return http.build();
        }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>httpsRedirectCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="ServerHttpSecurity.HttpsRedirectSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.HttpsRedirectSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="csrf()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>csrf</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.CsrfSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CsrfSpec</a>&nbsp;csrf()</pre>
<div class="block">Configures <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF
Protection</a> which is enabled by default. You can disable it using:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .csrf().disabled();
      return http.build();
  }
 </pre>
Additional configuration options can be seen below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .csrf()
              // Handle CSRF failures
              .accessDeniedHandler(accessDeniedHandler)
              // Custom persistence of CSRF Token
              .csrfTokenRepository(csrfTokenRepository)
              // custom matching when CSRF protection is enabled
              .requireCsrfProtectionMatcher(matcher);
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.CsrfSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.CsrfSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="csrf(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>csrf</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;csrf&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.CsrfSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CsrfSpec</a>&gt;&nbsp;csrfCustomizer)</pre>
<div class="block">Configures <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">CSRF
Protection</a> which is enabled by default. You can disable it using:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .csrf((csrf) -&gt;
              csrf.disabled()
          );
      return http.build();
  }
 </pre>
Additional configuration options can be seen below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .csrf((csrf) -&gt;
              csrf
                  // Handle CSRF failures
                  .accessDeniedHandler(accessDeniedHandler)
                  // Custom persistence of CSRF Token
                  .csrfTokenRepository(csrfTokenRepository)
                  // custom matching when CSRF protection is enabled
                  .requireCsrfProtectionMatcher(matcher)
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>csrfCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.CsrfSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.CsrfSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="cors()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>cors</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.CorsSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CorsSpec</a>&nbsp;cors()</pre>
<div class="block">Configures CORS headers. By default if a <code>CorsConfigurationSource</code> Bean is
found, it will be used to create a <code>CorsWebFilter</code>. If
<a href="ServerHttpSecurity.CorsSpec.html#configurationSource(org.springframework.web.cors.reactive.CorsConfigurationSource)"><code>ServerHttpSecurity.CorsSpec.configurationSource(CorsConfigurationSource)</code></a> is invoked it will be
used instead. If neither has been configured, the Cors configuration will do
nothing.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.CorsSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.CorsSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="cors(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>cors</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;cors&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.CorsSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.CorsSpec</a>&gt;&nbsp;corsCustomizer)</pre>
<div class="block">Configures CORS headers. By default if a <code>CorsConfigurationSource</code> Bean is
found, it will be used to create a <code>CorsWebFilter</code>. If
<a href="ServerHttpSecurity.CorsSpec.html#configurationSource(org.springframework.web.cors.reactive.CorsConfigurationSource)"><code>ServerHttpSecurity.CorsSpec.configurationSource(CorsConfigurationSource)</code></a> is invoked it will be
used instead. If neither has been configured, the Cors configuration will do
nothing.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>corsCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.CorsSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.CorsSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="anonymous()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>anonymous</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.AnonymousSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AnonymousSpec</a>&nbsp;anonymous()</pre>
<div class="block">Enables and Configures anonymous authentication. Anonymous Authentication is
disabled by default.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .anonymous().key("key")
          .authorities("ROLE_ANONYMOUS");
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.AnonymousSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.AnonymousSpec</code></a> to customize</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.2.0</dd>
</dl>
</li>
</ul>
<a id="anonymous(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>anonymous</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;anonymous&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.AnonymousSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AnonymousSpec</a>&gt;&nbsp;anonymousCustomizer)</pre>
<div class="block">Enables and Configures anonymous authentication. Anonymous Authentication is
disabled by default.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .anonymous((anonymous) -&gt;
              anonymous
                  .key("key")
                  .authorities("ROLE_ANONYMOUS")
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>anonymousCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.AnonymousSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.AnonymousSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="httpBasic()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>httpBasic</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.HttpBasicSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpBasicSpec</a>&nbsp;httpBasic()</pre>
<div class="block">Configures HTTP Basic authentication. An example configuration is provided below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .httpBasic()
              // used for authenticating the credentials
              .authenticationManager(authenticationManager)
              // Custom persistence of the authentication
              .securityContextRepository(securityContextRepository);
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.HttpBasicSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.HttpBasicSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="httpBasic(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>httpBasic</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;httpBasic&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.HttpBasicSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HttpBasicSpec</a>&gt;&nbsp;httpBasicCustomizer)</pre>
<div class="block">Configures HTTP Basic authentication. An example configuration is provided below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .httpBasic((httpBasic) -&gt;
              httpBasic
                  // used for authenticating the credentials
                  .authenticationManager(authenticationManager)
                  // Custom persistence of the authentication
                  .securityContextRepository(securityContextRepository)
              );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>httpBasicCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.HttpBasicSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.HttpBasicSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="passwordManagement()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>passwordManagement</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.PasswordManagementSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.PasswordManagementSpec</a>&nbsp;passwordManagement()</pre>
<div class="block">Configures password management. An example configuration is provided below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .passwordManagement();
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.PasswordManagementSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.PasswordManagementSpec</code></a> to customize</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.6</dd>
</dl>
</li>
</ul>
<a id="passwordManagement(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>passwordManagement</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;passwordManagement&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.PasswordManagementSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.PasswordManagementSpec</a>&gt;&nbsp;passwordManagementCustomizer)</pre>
<div class="block">Configures password management. An example configuration is provided below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .passwordManagement(passwordManagement -&gt;
                // Custom change password page.
                passwordManagement.changePasswordPage("/custom-change-password-page")
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>passwordManagementCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options
for the <a href="ServerHttpSecurity.PasswordManagementSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.PasswordManagementSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.6</dd>
</dl>
</li>
</ul>
<a id="formLogin()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>formLogin</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.FormLoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.FormLoginSpec</a>&nbsp;formLogin()</pre>
<div class="block">Configures form based authentication. An example configuration is provided below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .formLogin()
              // used for authenticating the credentials
              .authenticationManager(authenticationManager)
              // Custom persistence of the authentication
              .securityContextRepository(securityContextRepository)
              // expect a log in page at "/authenticate"
              // a POST "/authenticate" is where authentication occurs
              // error page at "/authenticate?error"
              .loginPage("/authenticate");
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.FormLoginSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.FormLoginSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="formLogin(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>formLogin</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;formLogin&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.FormLoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.FormLoginSpec</a>&gt;&nbsp;formLoginCustomizer)</pre>
<div class="block">Configures form based authentication. An example configuration is provided below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .formLogin((formLogin) -&gt;
              formLogin
                // used for authenticating the credentials
                .authenticationManager(authenticationManager)
                // Custom persistence of the authentication
                .securityContextRepository(securityContextRepository)
                // expect a log in page at "/authenticate"
                // a POST "/authenticate" is where authentication occurs
                // error page at "/authenticate?error"
                .loginPage("/authenticate")
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>formLoginCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.FormLoginSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.FormLoginSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="x509()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>x509</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.X509Spec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.X509Spec</a>&nbsp;x509()</pre>
<div class="block">Configures x509 authentication using a certificate provided by a client.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          .x509()
                .authenticationManager(authenticationManager)
              .principalExtractor(principalExtractor);
      return http.build();
  }
 </pre>
Note that if extractor is not specified, <a href="../../../web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.html" title="class in org.springframework.security.web.authentication.preauth.x509"><code>SubjectDnX509PrincipalExtractor</code></a>
will be used. If authenticationManager is not specified,
<a href="../../../web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.html" title="class in org.springframework.security.web.server.authentication"><code>ReactivePreAuthenticatedAuthenticationManager</code></a> will be used.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.X509Spec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.X509Spec</code></a> to customize</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.2</dd>
</dl>
</li>
</ul>
<a id="x509(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>x509</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;x509&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.X509Spec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.X509Spec</a>&gt;&nbsp;x509Customizer)</pre>
<div class="block">Configures x509 authentication using a certificate provided by a client.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          .x509((x509) -&gt;
              x509
                    .authenticationManager(authenticationManager)
                  .principalExtractor(principalExtractor)
          );
      return http.build();
  }
 </pre>
Note that if extractor is not specified, <a href="../../../web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.html" title="class in org.springframework.security.web.authentication.preauth.x509"><code>SubjectDnX509PrincipalExtractor</code></a>
will be used. If authenticationManager is not specified,
<a href="../../../web/server/authentication/ReactivePreAuthenticatedAuthenticationManager.html" title="class in org.springframework.security.web.server.authentication"><code>ReactivePreAuthenticatedAuthenticationManager</code></a> will be used.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>x509Customizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.X509Spec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.X509Spec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.2</dd>
</dl>
</li>
</ul>
<a id="oauth2Login()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2Login</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.OAuth2LoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2LoginSpec</a>&nbsp;oauth2Login()</pre>
<div class="block">Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
Provider.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .oauth2Login()
              .authenticationConverter(authenticationConverter)
              .authenticationManager(manager);
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.OAuth2LoginSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.OAuth2LoginSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="oauth2Login(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2Login</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;oauth2Login&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.OAuth2LoginSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2LoginSpec</a>&gt;&nbsp;oauth2LoginCustomizer)</pre>
<div class="block">Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0
Provider.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .oauth2Login((oauth2Login) -&gt;
              oauth2Login
                  .authenticationConverter(authenticationConverter)
                  .authenticationManager(manager)
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>oauth2LoginCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.OAuth2LoginSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.OAuth2LoginSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="oauth2Client()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2Client</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.OAuth2ClientSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ClientSpec</a>&nbsp;oauth2Client()</pre>
<div class="block">Configures the OAuth2 client.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .oauth2Client()
              .clientRegistrationRepository(clientRegistrationRepository)
              .authorizedClientRepository(authorizedClientRepository);
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.OAuth2ClientSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.OAuth2ClientSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="oauth2Client(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2Client</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;oauth2Client&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.OAuth2ClientSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ClientSpec</a>&gt;&nbsp;oauth2ClientCustomizer)</pre>
<div class="block">Configures the OAuth2 client.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .oauth2Client((oauth2Client) -&gt;
              oauth2Client
                  .clientRegistrationRepository(clientRegistrationRepository)
                  .authorizedClientRepository(authorizedClientRepository)
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>oauth2ClientCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="ServerHttpSecurity.OAuth2ClientSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.OAuth2ClientSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="oauth2ResourceServer()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2ResourceServer</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.OAuth2ResourceServerSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ResourceServerSpec</a>&nbsp;oauth2ResourceServer()</pre>
<div class="block">Configures OAuth 2.0 Resource Server support.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .oauth2ResourceServer()
              .jwt()
                  .publicKey(publicKey());
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.OAuth2ResourceServerSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.OAuth2ResourceServerSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="oauth2ResourceServer(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>oauth2ResourceServer</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;oauth2ResourceServer&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.OAuth2ResourceServerSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.OAuth2ResourceServerSpec</a>&gt;&nbsp;oauth2ResourceServerCustomizer)</pre>
<div class="block">Configures OAuth 2.0 Resource Server support.
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .oauth2ResourceServer((oauth2ResourceServer) -&gt;
              oauth2ResourceServer
                  .jwt((jwt) -&gt;
                      jwt
                          .publicKey(publicKey())
                  )
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>oauth2ResourceServerCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more
options for the <a href="ServerHttpSecurity.OAuth2ResourceServerSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.OAuth2ResourceServerSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="headers()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>headers</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.HeaderSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HeaderSpec</a>&nbsp;headers()</pre>
<div class="block">Configures HTTP Response Headers. The default headers are:
<pre> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
 Pragma: no-cache
 Expires: 0
 X-Content-Type-Options: nosniff
 Strict-Transport-Security: max-age=31536000 ; includeSubDomains
 X-Frame-Options: DENY
 X-XSS-Protection: 1; mode=block
 </pre>
such that "Strict-Transport-Security" is only added on secure requests.
An example configuration is provided below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .headers()
              // customize frame options to be same origin
              .frameOptions()
                  .mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)
                  .and()
              // disable cache control
              .cache().disable();
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.HeaderSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.HeaderSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="headers(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>headers</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;headers&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.HeaderSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.HeaderSpec</a>&gt;&nbsp;headerCustomizer)</pre>
<div class="block">Configures HTTP Response Headers. The default headers are:
<pre> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
 Pragma: no-cache
 Expires: 0
 X-Content-Type-Options: nosniff
 Strict-Transport-Security: max-age=31536000 ; includeSubDomains
 X-Frame-Options: DENY
 X-XSS-Protection: 1; mode=block
 </pre>
such that "Strict-Transport-Security" is only added on secure requests.
An example configuration is provided below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .headers((headers) -&gt;
              headers
                  // customize frame options to be same origin
                  .frameOptions((frameOptions) -&gt;
                      frameOptions
                          .mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)
                   )
                  // disable cache control
                  .cache((cache) -&gt;
                      cache
                          .disable()
                  )
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>headerCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.HeaderSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.HeaderSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="exceptionHandling()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>exceptionHandling</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.ExceptionHandlingSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.ExceptionHandlingSpec</a>&nbsp;exceptionHandling()</pre>
<div class="block">Configures exception handling (i.e. handles when authentication is requested). An
example configuration can be found below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .exceptionHandling()
              // customize how to request for authentication
              .authenticationEntryPoint(entryPoint);
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.ExceptionHandlingSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.ExceptionHandlingSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="exceptionHandling(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>exceptionHandling</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;exceptionHandling&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.ExceptionHandlingSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.ExceptionHandlingSpec</a>&gt;&nbsp;exceptionHandlingCustomizer)</pre>
<div class="block">Configures exception handling (i.e. handles when authentication is requested). An
example configuration can be found below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .exceptionHandling((exceptionHandling) -&gt;
              exceptionHandling
                  // customize how to request for authentication
                  .authenticationEntryPoint(entryPoint)
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>exceptionHandlingCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options
for the <a href="ServerHttpSecurity.ExceptionHandlingSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.ExceptionHandlingSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="authorizeExchange()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authorizeExchange</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.AuthorizeExchangeSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AuthorizeExchangeSpec</a>&nbsp;authorizeExchange()</pre>
<div class="block">Configures authorization. An example configuration can be found below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .authorizeExchange()
              // any URL that starts with /admin/ requires the role "ROLE_ADMIN"
              .pathMatchers("/admin/**").hasRole("ADMIN")
              // a POST to /users requires the role "USER_POST"
              .pathMatchers(HttpMethod.POST, "/users").hasAuthority("USER_POST")
              // a request to /users/{username} requires the current authentication's username
              // to be equal to the {username}
              .pathMatchers("/users/{username}").access((authentication, context) -&gt;
                  authentication
                      .map(Authentication::getName)
                      .map((username) -&gt; username.equals(context.getVariables().get("username")))
                      .map(AuthorizationDecision::new)
              )
              // allows providing a custom matching strategy that requires the role "ROLE_CUSTOM"
              .matchers(customMatcher).hasRole("CUSTOM")
              // any other request requires the user to be authenticated
              .anyExchange().authenticated();
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.AuthorizeExchangeSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.AuthorizeExchangeSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="authorizeExchange(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authorizeExchange</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;authorizeExchange&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.AuthorizeExchangeSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.AuthorizeExchangeSpec</a>&gt;&nbsp;authorizeExchangeCustomizer)</pre>
<div class="block">Configures authorization. An example configuration can be found below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .authorizeExchange((exchanges) -&gt;
              exchanges
                  // any URL that starts with /admin/ requires the role "ROLE_ADMIN"
                  .pathMatchers("/admin/**").hasRole("ADMIN")
                  // a POST to /users requires the role "USER_POST"
                  .pathMatchers(HttpMethod.POST, "/users").hasAuthority("USER_POST")
                  // a request to /users/{username} requires the current authentication's username
                  // to be equal to the {username}
                  .pathMatchers("/users/{username}").access((authentication, context) -&gt;
                      authentication
                          .map(Authentication::getName)
                          .map((username) -&gt; username.equals(context.getVariables().get("username")))
                          .map(AuthorizationDecision::new)
                  )
                  // allows providing a custom matching strategy that requires the role "ROLE_CUSTOM"
                  .matchers(customMatcher).hasRole("CUSTOM")
                  // any other request requires the user to be authenticated
                  .anyExchange().authenticated()
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authorizeExchangeCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options
for the <a href="ServerHttpSecurity.AuthorizeExchangeSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.AuthorizeExchangeSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="logout()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>logout</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.LogoutSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.LogoutSpec</a>&nbsp;logout()</pre>
<div class="block">Configures log out. An example configuration can be found below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .logout()
              // configures how log out is done
              .logoutHandler(logoutHandler)
              // log out will be performed on POST /signout
              .logoutUrl("/signout")
              // configure what is done on logout success
              .logoutSuccessHandler(successHandler);
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.LogoutSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.LogoutSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="logout(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>logout</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;logout&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.LogoutSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.LogoutSpec</a>&gt;&nbsp;logoutCustomizer)</pre>
<div class="block">Configures log out. An example configuration can be found below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .logout((logout) -&gt;
              logout
                  // configures how log out is done
                  .logoutHandler(logoutHandler)
                  // log out will be performed on POST /signout
                  .logoutUrl("/signout")
                  // configure what is done on logout success
                  .logoutSuccessHandler(successHandler)
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>logoutCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="ServerHttpSecurity.LogoutSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.LogoutSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="requestCache()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requestCache</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.RequestCacheSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.RequestCacheSpec</a>&nbsp;requestCache()</pre>
<div class="block">Configures the request cache which is used when a flow is interrupted (i.e. due to
requesting credentials) so that the request can be replayed after authentication.
An example configuration can be found below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .requestCache()
              // configures how the request is cached
              .requestCache(requestCache);
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.RequestCacheSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.RequestCacheSpec</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="requestCache(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>requestCache</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;requestCache&#8203;(<a href="../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="ServerHttpSecurity.RequestCacheSpec.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity.RequestCacheSpec</a>&gt;&nbsp;requestCacheCustomizer)</pre>
<div class="block">Configures the request cache which is used when a flow is interrupted (i.e. due to
requesting credentials) so that the request can be replayed after authentication.
An example configuration can be found below:
<pre class="code">  &#064;Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
      http
          // ...
          .requestCache((requestCache) -&gt;
              requestCache
                  // configures how the request is cached
                  .requestCache(customRequestCache)
          );
      return http.build();
  }
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>requestCacheCustomizer</code> - the <a href="../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="ServerHttpSecurity.RequestCacheSpec.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity.RequestCacheSpec</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> to customize</dd>
</dl>
</li>
</ul>
<a id="authenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>authenticationManager</h4>
<pre class="methodSignature">public&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;authenticationManager&#8203;(<a href="../../../authentication/ReactiveAuthenticationManager.html" title="interface in org.springframework.security.authentication">ReactiveAuthenticationManager</a>&nbsp;manager)</pre>
<div class="block">Configure the default authentication manager.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>manager</code> - the authentication manager to use</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <code>ServerHttpSecurity</code> to customize</dd>
</dl>
</li>
</ul>
<a id="build()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>build</h4>
<pre class="methodSignature">public&nbsp;<a href="../../../web/server/SecurityWebFilterChain.html" title="interface in org.springframework.security.web.server">SecurityWebFilterChain</a>&nbsp;build()</pre>
<div class="block">Builds the <a href="../../../web/server/SecurityWebFilterChain.html" title="interface in org.springframework.security.web.server"><code>SecurityWebFilterChain</code></a></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="../../../web/server/SecurityWebFilterChain.html" title="interface in org.springframework.security.web.server"><code>SecurityWebFilterChain</code></a></dd>
</dl>
</li>
</ul>
<a id="http()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>http</h4>
<pre class="methodSignature">public static&nbsp;<a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server">ServerHttpSecurity</a>&nbsp;http()</pre>
<div class="block">Creates a new instance.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the new <a href="ServerHttpSecurity.html" title="class in org.springframework.security.config.web.server"><code>ServerHttpSecurity</code></a> instance</dd>
</dl>
</li>
</ul>
<a id="setApplicationContext(org.springframework.context.ApplicationContext)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>setApplicationContext</h4>
<pre class="methodSignature">protected&nbsp;void&nbsp;setApplicationContext&#8203;(org.springframework.context.ApplicationContext&nbsp;applicationContext)
                              throws org.springframework.beans.BeansException</pre>
<dl>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>org.springframework.beans.BeansException</code></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="ServerHttpSecurity.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li><a href="ServerHttpSecurity.html#nested.class.summary">Nested</a>&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="ServerHttpSecurity.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="ServerHttpSecurity.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="ServerHttpSecurity.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="ServerHttpSecurity.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040ef22f87597cf","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
